Vulnerability Description
The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows attackers to steal digital certificates.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Broadcom | Bluecoat Security Gateway | >= 3.0, <= 3.1.3.13 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/11627 (Broken Link, Patch, Vendor Advisory)
- http://www.bluecoat.com/support/knowledge/advisory_private_key_compromise.html (Broken Link, Patch, Vendor Advisory)
- http://www.osvdb.org/6218 (Broken Link)
- http://www.securityfocus.com/bid/10371 (Broken Link, Patch, Third Party Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16182 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2004-2397?
CVE-2004-2397 is a vulnerability with a CVSS score of 7.5 (HIGH). The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allo...
How severe is CVE-2004-2397?
CVE-2004-2397 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2004-2397?
Check the references section above for vendor advisories and patch information. Affected products include: Broadcom Bluecoat Security Gateway.